···

       
103
       
103
       
 
       
      # Uses double quotes to allow shell expansion of $(cat /run/agenix/abuseipdb)

     

       
104
       
104
       
 
       
      # Sleep 12 seconds to respect AbuseIPDB rate limit (~5 requests per minute)

     

       
105
       
105
       
 
       
      # Note: Don't use <matches> - fail2ban's wrapper causes issues with multiline content

     

       
106
       
106
       
-
       
      actionban = sleep 12; curl --fail 'https://api.abuseipdb.com/api/v2/report' -H 'Accept: application/json' -H "Key: $(cat /run/agenix/abuseipdb)" --data-urlencode 'ip=<ip>' --data 'categories=<abuseipdb_category>'

     

       
106
       
106
       
+
       
      # Don't use --fail so 429 rate limit errors don't mark action as failed

     

       
107
       
107
       
+
       
      actionban = sleep 12; curl 'https://api.abuseipdb.com/api/v2/report' -H 'Accept: application/json' -H "Key: $(cat /run/agenix/abuseipdb)" --data-urlencode 'ip=<ip>' --data 'categories=<abuseipdb_category>' > /dev/null 2>&1

     

       
107
       
108
       
 
       


     

       
108
       
109
       
 
       
      actionstart =

     

       
109
       
110
       
 
       
      actionstop =